10 Hacking Tools Every Security Professional Should Know Of
Wednesday, Apr 29 2015
While the term ‘hacking’ is often thought of in a pejorative sense, it can also mean fixing or bringing attention to a security flaw that needs get it fixed, before a malicious hacker finds a way in.
There are many great tools available on the Internet to help ethical hackers. With so many out there, however, sometimes it’s difficult to find the good ones. To save you work, we’ve gone through the masses of tools available and hand picked the best ones:
Maltrieve is a tool used by security researchers to directly collect malware from the servers they are hosted from. This open source tool enables malware analysts and security program professionals to get the newest samples made available my parsing through URL lists and known malware hosting locations.
2. Burp Suite
Burp Suite contains features that can help security testers and ethical hackers. Popular, commonly used applications used within this tool include the ‘Burp Suite Spider’ which can enumerate and map out the various pages and parameters of a website by looking into cookies and initiating connections with web applications within the website.It makes for an excellent web hacking tool that many penetration testers to look into the vulnerabilities of websites and web applications.
3. Angry IP Scanner
Angry IP Scanner, is a freely available hacking network scanner that is both fast and easy to use. It is also open-source and cross-platform. The main task of the hacking tool is to scan IP addresses and ports to find open doors and ports.
Voyeur can be used to analyse threats by scanning through data in Active Directory Services. The program generates a quick and accurate report which connects end users with computers, groups and devices on a corporate network and also enables incident responders to mine the information as a party of any security incident investigation. The tool does not require admin level credentials to function and the results/report can also be exported into a CSV file or an Excel spreadsheet.
Viproy can enable penetration testers to locate and identify weaknesses in multimedia communication sessions. It is designed to also improve the quality of VoIP Penetration Tests.In various demonstrations, it automates discovery of VoIP devices and identifies attempts to manipulate speed dial, make unauthorized calls and uncover information-gathering attacks. It also supports Cisco, Microsoft Link and other common vendors.
6. John The Ripper
John the Ripper is a popular password cracking penetration tester tool that is commonly used to perform dictionary attacks. The program takes text string samples (a text file), encrypting it in the same way as the password being cracked (this process includes both the encryption algorithm and key), and comparing the output of the encrypted string.
Snort is a hacking and network tool that can be configured in one of three modes. It can be used as a sniffer, packet logger, or within network intrusion detection. In the commonly used sniffer mode, this hackers program will read network packets and display them on a GUI (Graphical User Interface). The packet logger mode allows Snort to audit and log packets to the disk. With the intrusion detection mode, Snort also monitors network traffic and analyses it against a rule set that is pre-determined by the user.
8. EttercapEttercap is hugely popular and widely used by cybersecurity professionals. Ettercap works by placing the users’ network interface into promiscuous mode and by ARP poisoning the target machines. In other words, helping a ‘Main in the Middle’ attack. Once successful, Ettercap (and the hacker) can deploy various attacks on the victims. A popular feature about Ettercap is its’ ability to support various plugins, as well.
9. Cain & Abel
Cain & Abel is a password recovery and hack tool that is mostly used for Microsoft systems. This popular tool allows the user to seek the recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks. Cain, as it is often referred to, can also record VoIP conversations, decode hashed scrambled passwords, and recover wireless network keys.
Metasploit is also a hugely popular penetration testing or hacking tool that is used by cybersecurity professionals and ethical hackers. It is a security program that supplies information about known security vulnerabilities and helps formulate penetration testing. It is best known for its anti-forensic and evasion tools, many of which are embedded and built into the Metasploit Framework.
In summation, many of the hacking tools above have been demonstrated at the Black Hat conference (a hugely popular security conference) and have a track record of helping penetration testers uncovering weaknesses in VoIP communications, secure popular websites like Amazon Web Services, etc.
These tools uncover software vulnerabilities and take advantage of configuration weaknesses that may not be routinely addressed by businesses or repaired by software makers. They are hack-tools that can be also used for the betterment of online security and ought to be looked into by security professionals.
Original Article: http://blog.lifars.com/2015/04/29/10-hacking-tools-every-security-professional-should-know-of/